Ági Gergely
coaching+psychology
Privacy Notice
Please read the following carefully and use my services only if you agree with every point below and consider them binding upon yourself.
1. Purpose of this notice
The purpose of this notice is to set out
Gergely Ágnes sole entrepreneur
Tax number: 67425857-1-43
Registered seat: 1126 Budapest, Brassai Sámuel utca 3. 2/9
Website: www.gergelyagi.com
Email: gergelyagi.coach@gmail.com
(hereinafter referred to as the Controller) data protection and data processing policy, and to ensure that the natural persons affected by the data processing receive appropriate information concerning the processing of their personal data.
The Controller is committed to fully complying, during her activities, with the requirements of the legislation governing the processing of personal data, as described below. Given that the processing of special categories of personal data is indispensable in the provision of the service, the Controller provides enhanced protection for such data due to its confidential nature.
This Privacy Notice is available on the website www.gergelyagi.com, and the Controller also sends it to interested persons when they apply for sessions, prior to the conclusion of the contract.
When drafting these rules, the Controller paid particular attention to the following:
-
the Fundamental Law of Hungary;
-
Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Info Act);
-
Act CVIII of 2001 on certain issues of electronic commerce services and information society services;
-
Act VI of 1998 on the promulgation of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, signed in Strasbourg on 28 January 1981;
-
Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
2. Terms used in this notice
Data processing by a processor: the performance of technical tasks connected to data processing operations.
Data processing: irrespective of the procedure applied, any operation or set of operations performed on data, in particular collection, recording, registration, organisation, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, blocking, erasure and destruction, as well as preventing the further use of data, and the taking of photographs, audio recordings or video recordings.
Controller: the natural or legal person, or entity with legal personality, who or which, alone or jointly with others, determines the purposes of the processing of data, makes and implements decisions concerning data processing, including the means used, or has them implemented by a processor commissioned by it.
Data transfer: making data available to a specified third party.
Erasure of data: rendering data unrecognisable in such a way that its restoration is no longer possible.
Data protection incident: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data transmitted, stored or otherwise processed.
eDM (electronic Direct Mail): a direct marketing tool, advertising mail or marketing message. After the Data Subject has given prior consent to this, the Controller sends advertising or marketing messages by email to the Data Subject’s email inbox. The Data Subject receives the Controller’s offer in a personalised form.
Health data: personal data relating to the physical or mental health of a natural person, including data relating to health care services provided to the natural person that reveal information about that person’s health status.
Data Subject: the natural person whose personal data is affected by the processing.
Third party: a natural or legal person, or any other body, other than the Data Subject, the Controller, the processor, or persons who, under the direct authority of the Controller or the processor, are authorised to process personal data.
Consent: a voluntary and specific indication of the Data Subject’s wishes, based on appropriate information, by which the Data Subject gives unambiguous agreement to the processing of personal data concerning him or her, either fully or for specific operations.
Special categories of personal data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic and biometric data for the purpose of uniquely identifying natural persons, health data and data from psychometric tests assessing the behavioural characteristics of natural persons, the processing of which is prohibited except for the exceptions listed in the GDPR.
Personal data: any data that can be associated with an identified natural person, in particular his or her name, identification mark, and one or more pieces of information characteristic of his or her physical, physiological, mental, economic, cultural or social identity, as well as any conclusion that can be drawn from the data concerning the Data Subject, provided that it does not qualify as data of public interest or data public on grounds of public interest. Personal data includes, among other things, name, address and email address.
Objection: a statement by the Data Subject objecting to the processing of his or her personal data and requesting the termination of the data processing or the erasure of the processed data.
3. Principles of data processing
The data processing carried out by the Controller complies with the data processing principles of the GDPR, which are the following:
Principle of lawfulness, fairness and transparency: personal data must be processed lawfully, fairly and in a transparent manner in relation to the Data Subject.
Principle of purpose limitation: personal data must be collected only for specified, explicit and legitimate purposes and must not be processed in a manner that is incompatible with those purposes.
Principle of data minimisation: personal data must be adequate and relevant in relation to the purposes of processing and limited to what is necessary.
Principle of accuracy: personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate in relation to the purposes of the processing is erased or rectified without delay.
Principle of storage limitation: personal data must be kept in a form that permits identification of Data Subjects only for as long as is necessary for the purposes for which the personal data is processed.
Principle of integrity and confidentiality: personal data must be processed in a manner that ensures appropriate security of the personal data by using suitable technical or organisational measures, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Principle of accountability: the Controller is responsible for compliance with these principles and must be able to demonstrate such compliance.
In addition to the principles of data processing, the requirement of appropriate information can be identified as a common requirement, since the Controller must inform Data Subjects about the data processing regardless of the legal basis of any given processing.
4. Individual activities involving data processing, the data processed, the legal basis and purpose of processing, and the duration of processing
4.1. Contact
The Controller provides contact details on her website to enable the Data Subject to contact her by email.
Data affected by the processing
the Data Subject’s name, email address, and any further personal data voluntarily provided by the Data Subject
Purpose of processing
contact between the Data Subject and the Controller
Legal basis of processing
The Data Subject has given consent to the processing of his or her personal data for one or more specific purposes - Article 6(1)(a) GDPR
Duration of processing
until the Data Subject’s request for erasure, or for the general five-year limitation period under the provisions of the Hungarian Civil Code
4.2. Booking an appointment
Data Subjects may write an email on the Controller’s website or through an email system for the purpose of requesting or booking an appointment.
Categories of data affected by the processing:
the Data Subject’s name and email address
Purpose of processing
booking an appointment for the services provided by the Controller
Legal basis of processing
The Data Subject has given consent to the processing of his or her personal data for one or more specific purposes - Article 6(1)(a) GDPR
Duration of processing
until completion of the service provided by the Controller
4.3. Data processing related to coaching and counselling services
Within the framework of the coaching and counselling services provided by the Controller, the Controller processes personal data, including data that may belong to special categories, as follows.
Categories of data affected by the processing
The Data Subject’s name, date of birth, and other personal data voluntarily provided during the service, which may, where applicable, belong to special categories of personal data
Purpose of processing
performance of the coaching and counselling service
Legal basis of processing
The Data Subject’s explicit consent. The processing is necessary for the performance of a contract to which the Data Subject is a party, or in order to take steps at the request of the Data Subject prior to entering into a contract - Article 6(1)(b) GDPR and Article 9(2)(a) GDPR.
Duration of processing
The Controller retains the documentation containing personal data relating to the Data Subject for five years following completion of the service.
4.4. Client questionnaire
The purpose of the client questionnaire is for the Controller to receive anonymous feedback on how the Data Subject learned about the services provided by the Controller.
Categories of data affected by the processing:
The Controller records the client questionnaire without a name or any other personal data.
Purpose of processing
feedback for the Controller
Legal basis of processing
The Data Subject has given consent to the processing of his or her personal data for one or more specific purposes - Article 6(1)(a) GDPR
Duration of processing
The Controller retains the client questionnaire for five years following completion of the service.
4.5. Newsletter
Data Subjects may subscribe to the Controller’s newsletter on the Website, through which they may receive up-to-date information and relevant offers in the form of advertising mail and marketing messages (emails).
Categories of data affected by the processing
the Data Subject’s name and email address
Purpose of processing
contact between the Data Subject and the Controller, and the continuous provision of up-to-date information through the newsletter to the subscriber
Legal basis of processing
The Data Subject has given consent to the processing of his or her personal data for one or more specific purposes - Article 6(1)(a) GDPR
Duration of processing
The Controller sends newsletter materials to Data Subjects until withdrawal of consent, or until the Data Subjects request the erasure of their data and the termination of processing by email. If the Data Subject no longer wishes to receive newsletters, he or she may unsubscribe at any time or request the erasure of his or her personal data. In the event of unsubscribing or an erasure request, the processing is terminated.
4.6. Cookies
A cookie is a small text file that is stored on the hard drive of the Data Subject’s computer or mobile device until the expiry time set in the cookie, and is reactivated on later visits. Its purpose is to record information related to the visit and personal settings; however, these are data that cannot be linked to the visitor’s person. The cookies used on the website are all functional and essential for the operation of the website; without them, the website will not function properly.
Categories of data affected by the processing:
The Controller stores all analytical information without a name or any other personal data.
Purpose of processing
storage of the Data Subject’s personal settings
Legal basis of processing
By accepting the data processing notice appearing during browsing on the website, the Data Subject gives consent to the processing of his or her personal data for one or more specific purposes - Article 6(1)(a) GDPR
Duration of processing
The Data Subject may delete the cookies stored on his or her computer or mobile phone at any time through the settings of his or her browser.
4.7. Social media presence - currently none
Categories of data affected by the processing:
if the Data Subject follows the Facebook page, depending also on his or her individual settings, his or her name and profile image appearing on Facebook
Purpose of processing
providing information about current information and news concerning the Controller
Legal basis of processing
The Data Subject has given consent to the processing of his or her personal data for one or more specific purposes - Article 6(1)(a) GDPR
Duration of processing
The Data Subject may voluntarily unfollow the pages, or may delete unwanted news appearing on the news feed using the news feed settings.
4.8. Presentation of professionals
On the Controller’s website, users using the services may get to know the professional contracted with the Controller, who in this case is the Data Subject of the processing.
Categories of data affected by the processing:
the name and image of the professional Data Subject, his or her field of expertise, and any other data voluntarily provided by him or her during the introduction
Purpose of processing
The purpose of the processing is to enable users of the Controller’s service to get to know the professionals participating in the provision of the services.
Legal basis of processing
The professional Data Subject has given consent to the processing of his or her personal data for one or more specific purposes - Article 6(1)(a) GDPR
Duration of processing
The processing ceases upon termination of the cooperation between the Controller and the professional.
4.9. Data processing during invoicing
The data processing is carried out for the purpose of issuing an invoice in accordance with the law and fulfilling the obligation to retain accounting documents.
Categories of data affected by the processing:
the Data Subject’s name, permanent address and/or place of residence, telephone number, email address
Purpose of processing
issuing an invoice and fulfilling the obligation to retain accounting documents
Legal basis of processing
The processing is necessary for compliance with a legal obligation to which the Controller is subject (Article 6(1)(c) GDPR).
Duration of processing
eight years under the Accounting Act
5. Processors
5.1. The Controller uses the following processors in the course of processing personal data:
Name and contact details of processor, tasks:
1. Gergely Ágnes
gergelyagi.coach@gmail.com
2. Meta Platforms Ireland
Ireland, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2.
3. Facebook, Instagram, social media presence
4. Google Ireland Limited
Ireland, Gordon House, Barrow Street, Dublin 4.
Website visit data.
5. wix.com
website and hosting services
6. számlázz.hu
online invoicing software
5.2. The activities of the Processors in connection with data processing consist of providing the technical background. The Processors may not make substantive decisions concerning the processing; they may process the personal data that comes to their knowledge solely in accordance with the Controller’s instructions, may not carry out processing for their own purposes, and must store and retain personal data in accordance with the Controller’s instructions.
5.3. In the course of the services provided by the Controller, the professionals contracted with her act as processors. The professionals may not make decisions concerning the processing; they provide only counselling and consultation to the Data Subjects as clients.
5.4. Collection of privacy notices of additional processors:
The Facebook privacy policy is available at the following link:
https://www.facebook.com/privacy/explanation
The Instagram privacy policy is available at the following link:
https://help.instagram.com/519522125107875
The számlázz.hu privacy policy is available at the following link:
https://www.szamlazz.hu/adatvedelem/
The WIX privacy policy is available at the following link:
https://www.wix.com/about/privacy
The Google privacy policy is available at the following link:
https://policies.google.com/privacy
6. Data transfer
The Controller does not transfer the personal data that comes into her possession to any third party in any manner without the prior consent of the Data Subject, except in cases where the Controller is obliged by law to transfer the data.
7. Data security
The Controller stores the personal data named above at her registered seat, in her own IT system, and on the servers of the Processors responsible for hosting services.
The Controller undertakes to ensure the security of the data in accordance with the GDPR and the Info Act, keeping the rights of the Data Subjects in mind.
The Controller keeps a record of any data protection incidents and, where necessary, informs the Data Subject of any incidents that arise, as well as the Hungarian National Authority for Data Protection and Freedom of Information (NAIH), if required.
Personal data may be accessed by persons acting within the Controller’s sphere of interest who need such access to perform their activities and who are aware of and understand the obligations relating to the processing of data.
The Controller takes all necessary measures to ensure the secure and intact processing of the data, and to establish and operate the data processing systems required for this. The Controller ensures that unauthorised persons cannot access, disclose, transfer, modify or erase the processed data.
The Controller undertakes to ensure data security using the most up-to-date and appropriate equipment and security rules, in particular to prevent unauthorised access to the data and to prevent the unlawful disclosure, erasure or destruction of the data. The Controller makes every effort to ensure that the data is not accidentally damaged or destroyed. The Controller also imposes the above undertaking on those participating in the data processing activities.
8. Rights of the Data Subject during data processing
During the period of data processing, the Data Subject has the following rights:
Right to information
The Controller must provide information on the essential aspects of data processing in an appropriate manner, using simple and accessible language, and in a way that is easy to find, whether online or offline. At the time of obtaining the personal data, or if the Data Subject subsequently requests information, when providing such information, the Controller must make the Privacy Notice available to the Data Subject and have him or her sign a statement confirming that he or she has become acquainted with, understood and accepted its contents.
The Data Subject is entitled at any time to request information about the personal data concerning him or her that is processed by the Controller. The information may be requested at the electronic email address indicated in the notice prepared for the given processing activity (gergelyagi.coach@gmail.com). On the basis of the request, the Controller must provide the requested information within 30 days.
Right to erasure
The Data Subject has the right to request that the Controller erase personal data concerning him or her without undue delay, and the Controller is obliged to erase personal data concerning the Data Subject without undue delay. If the Controller has allowed third parties access to the data requested to be erased, she must inform all those to whom she disclosed the data concerned that they must erase all links to, and all personal data stored by them concerning, the Data Subject. The aim is for the data concerned to “disappear” from available databases, unless there is a legal or reasonable obstacle to this.
The erasure request does not have to be fulfilled where the processing is necessary:
-
for exercising the right of freedom of expression and information;
-
for the establishment, exercise or defence of legal claims;
-
for compliance with a legal obligation;
-
for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, and erasure would make impossible or seriously impair the achievement of the objectives of that processing.
The Controller also erases the personal data appearing in the documentation relating to the Data Subject if the purpose connected to the processing of the personal data has ceased. In the case of paper-based documentation, its destruction must be recorded in minutes so that the fact of destruction can later be proven to the competent authority.
Rectification of data
The Data Subject may indicate that the processed data is inaccurate and may request what should be indicated instead. The Controller is responsible for the accuracy of the data, and therefore it is necessary to verify its accuracy from time to time.
Right to restriction of processing
The Data Subject may request that the Controller restrict the processing of his or her personal data, for example in an unclear or disputed situation. Where processing is restricted, such personal data, with the exception of storage, may be processed only with the Data Subject’s consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.
Right to data portability
The Data Subject may request to receive the data processed concerning him or her in a structured, commonly used, machine-readable format (for example .doc, .pdf, etc.) and is entitled to transmit those data to another Controller without hindrance from the original Controller. This makes it easier for the person affected by the processing to transfer his or her personal data from one Controller to another.
Right to object
Where the Data Subject has not given consent to the processing of data, he or she has the right to object at any time to the processing of his or her personal data for a specific reason.
If the Data Subject wishes to exercise his or her rights, this involves identification, and the Controller must necessarily communicate with the Data Subject. Therefore, personal data will need to be provided for identification, and the Data Subject’s complaint concerning the data processing will be accessible in the email account within the period indicated in this notice in relation to complaints. The Controller responds to complaints concerning data processing without delay, but no later than within 30 days.
9. Remedies
The Data Subject is entitled to lodge a complaint with the NAIH (1055 Budapest, Falk Miksa u. 9-11.; www.naih.hu, Telephone: +36 (1) 391-1400, Fax: +36 (1) 391-1410, Email: ugyfelszolgalat@naih.hu) or to enforce his or her rights relating to the processing of personal data before the court having competence and jurisdiction under Act CXXX of 2016 on the Code of Civil Procedure.
10. Final provisions
10.1. If the Controller intends to carry out further processing of the personal data for a purpose other than the purpose set out in this notice, she will inform the Data Subject of the new purpose of the processing before the further processing. Processing for the new purpose may commence only after this and, where the legal basis for the processing is consent, only if the Data Subject also gives consent to the processing in addition to being informed.
10.2. This Privacy Notice is valid until withdrawn; its personal scope extends to the Controller, her processors, her professionals and all other persons in a contractual agency relationship.
10.3. The Privacy Notice must be reviewed annually and in the event of changes in EU or domestic legislation. Only the Controller is entitled to amend the notice.
This Privacy Notice is valid from 10 May 2026.
Gergely Ágnes sole entrepreneur
Controller